
nanog mailing list archives

Re[2]: Network monitoring/IDS rant - What's hot what's not?
From: Richard Welty <rwelty () averillpark net>
Date: Wed, 26 Feb 2003 11:55:53 -0500 (EST)

On Wed, 26 Feb 2003, Pete Kruckenberg wrote:

On Wed, 26 Feb 2003, Christopher L. Morrow wrote:

CA-Unicenter/OVW/Tivoli are not IDS systems...
(traditionally) but they can normally monitor the heck
out of 'decent' sized networks (less than 500 components
was my last experience with OVW at least, tivoli and CA
we never got working correctly with less than 1 metric
butt ton of LOE to keep it running)

What are the options and recommendations for networks > 500

i've done this sort of stuff successfully with Aprisma Spectrum.


1) it's not cheap. on the other hand, Aprisma did use to have a service
   provider oriented pay-per-number-of-nodes-monitored pricing plan,
   which is how we did it back when i was running a Spectrum based NMS

2) it runs only on W2K and Solaris, and for large installations, runs
   much better on Solaris. sizing depends on number of nodes being
   monitored. "enough RAM" is important. multiple spindles with well
   chosen file system partitioning, and 2 CPUs, also make a difference.

3) getting it to run well requires experience. some default settings
   are not very suitable for monitoring large WANs, and it is definitely
   not "set up and forget it" software.

4) apropos to 3, budget for training. one or two smart guys who've
   been through class can handle it (no need for Aprisma Professional

5) reporting used to be clumsy, although there were some add-ons available
   to improve this.

6) the database used to be a proprietary network database based on the
   old VistaDB. they've been migrating towards MySQL, although the
   migration isn't complete yet. archived polling data does go into
   MySQL, but the database of monitored nodes was still in the
   proprietary database the last time i looked at this.

note also that there are a bunch of up-and-coming NMS systems that may or
may not be better than Spectrum. the last time i did an evaluation,
Spectrum was the best in the cost-no-object model, but that was a while

Richard Welty                                         rwelty () averillpark net
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security
